Control Global

Greg McMillan and Stan Weiner Speak with Electrochemical Measurements Expert Jim Gray About the pH Electrode and Its Full Potential as a Measuring Tool

Stan: A measurement is only as good as its calibration. The pH electrode has by far the greatest sensitivity and rangeability of any measurement in the process industry. The electrode can function well in a wide spectrum of process fluids and…

This State of Technology Report is a compendium of the latest trends articles, back-to-basics tutorials, application stories and product solutions recently published in the pages of Control—compiled by the editors and all together here in one convenient eBook.

Despite ongoing advances in instrumentation technology, specifying a flowmeter or level gauge that will reliably perform over the anticipated range of process conditions often remains a complex and subtle engineering task.
Dozens of niche…

Process plants and related facilities such as tank farms are filled with vessels, tanks and similar storage units, and most of these units could benefit from a system to measure, monitor and view inventory on a near real-time basis. "Logistical…

Additional information and wireless connectivity are further improving productivity, reliability and efficiency.

Like other facilities that have been using the HART Communication Protocol for any amount of time, previous recipients of the HART Plant of the Year Award have been busy reaping even more of the benefits the technology provides. These benefits…

BLH Nobel Introduced a System That Quickly and Easily Checks Weighing Systems for Wiring and Mechanical Faults

Load cell weighing systems solve some of the knottiest problems in batch and level control by directly measuring masses of solids and liquids as they're accumulated, dispensed or conveyed. But the load cells must be installed and wired properly, and the load structure must be engineered and constructed correctly to distribute the measured load as axial forces on the cells. What appear on the surface to be simple wiring and construction tasks have caused more than a few problems during commissioning and maintenance due to miswired or poorly made connections, distorted or binding structures, incorrectly installed load cells or rigid connections to adjacent equipment.
Such problems often are not found until a new installation is being…

Recent

Greg McMillan and Stan Weiner Speak with Electrochemical Measurements Expert Jim Gray About the pH Electrode and Its Full Potential as a Measuring Tool

Stan: A measurement is only as good as its calibration. The pH electrode has by far the greatest sensitivity and rangeability of any measurement in the process industry. The electrode can function well in a wide spectrum of process fluids and…

This month, the editors of Control browse the web to get you the latest online resources on loop control. Here's how you can stay in the loop!

This System Is Closed
This is a basic tutorial on closed-loop control systems. It covers the basic definitions and descriptions of how closed-loop systems work, a discussion of closed-loop summing points and how to use them, transfer functions, multi-loop closed-loop systems and closed-loop motor control. The direct link is www.electronics-tutorials.ws/systems/closed-loop-system.html.Electronics Tutorials www.electronics-tutorials.ws
PID Control
VeriCal in-situ calibration verification This is a basic discussion, with illustrations, of the principles of Proportional, Integral, Derivative (PID) and how it is used with controllers. It also covers tuning rules and starting settingf for common control loops. The direct link is at…

Through the looking glass of emerging technologies.

How might we expect emerging technologies to play out in the world of process control? Successfully predicting the future is difficult at best, so we sought out and consulted with industry visionaries and long-term planners to see where there is…

A Frost & Sullivan report, "Programmable Logic Controllers Market," finds that the market earned revenues of $10.37 billion in 2013 and estimates this will reach $14.58 billion in 2018.

According to analyst firm Frost & Sullivan, the global PLC market, which witnessed a strong decline in growth in 2012 due to the uncertain economic scenario in the developed world, has bounced back. Since 2013, it has witnessed positive growth, particularly in the Asia-Pacific region, where the rebound has been fueled by increased activity, especially in the construction, water and wastewater and power industries.
A Frost & Sullivan report, "Programmable Logic Controllers Market," finds that the market earned revenues of $10.37 billion in 2013 and estimates this will reach $14.58 billion in 2018.
In Europe, the need to enhance efficiency and comply with regulations, as well as improve safety and control capabilities, are driving…

Through the looking glass of emerging technologies.

How might we expect emerging technologies to play out in the world of process control? Successfully predicting the future is difficult at best, so we sought out and consulted with industry visionaries and long-term planners to see where there is…

Control Engineering Branches Out to Manage Critical Business Variables Such as Profitability, Risk, Asset Management and Cybersecurity

Most process engineers I talk to look back on the 1970s and 1980s as the heyday of control engineering, and in many ways it was. More engineers were focused on the applications of real-time control theory then than now. And when you look at how far…

The Latest in Computing Technology Is Here

VERSATILE AUTOMATION COMPUTERS These four new computers are designed for the challenging requirements of the machine automation industries. UNO-3073 and UNO-3073GL have Intel Celeron 1.1- MHz and 1.0-MHz processors; UNO-3083G and UNO-3085G have Intel Core i7 2.2- MHz processors. They have up to five PCI/PCIe expansion slots and support high-speed PCIe x16, x8, x4 and x1 cards and legacy PCI cards. Advantech Industrial Automation Group 800-205-7940www.advantech.com/ea
GAME-CHANGING PACs PACSystems RXi, a new control and computing platform, is designed for the needs of the industrial Internet. The core of the product family is a COM Express architecture with multi-core CPUs. Its configurations are unique in the industry, and able to…

Smart Drives, Mechatronics, Variable-Speed Drives and More Power Options

MEDIUM-VOLTAGE AC DRIVE MV1000 medium-voltage ac drives combine compact modular design, high efficiency and a good MTBF rate. Smart Harmonics technology reduces input total harmonic distortion to less than 2.5% without filters, which exceeds the requirements of IEEE519-1992. It also provides galvanic isolation between power input and output, and uses two 5-V step bridges per phase to generate a 17-level, line-to-line voltage output delivered to the motor. Yaskawa800-927-5292
VSD WITH SMARTSAltivar Process is a range of VSDs from 1 hp to 1,500 hp that come with embedded process knowledge, configurable on-board dashboards and a graphical HMI display. An advanced, secure, integrated web server lets operators access technical…

Since the goal is to control loop stability, the choice that gives you the best chance of that is the one to make.

Question:
Is there some general rule on when we should use =% (equal percentage) and when linear control valves? I know that the determining factor is the inherent flow characteristic, the flow vs. lift at constant pressure drop, or something like…

After six decades of developing on/off valve automation solutions, it might seem logical for Emerson Process Management to pause and take a well-deserved breather. But anyone who thinks that doesn't know how this company works. Just like the…

Smart Drives, Mechatronics, Variable-Speed Drives and More Power Options

MEDIUM-VOLTAGE AC DRIVE MV1000 medium-voltage ac drives combine compact modular design, high efficiency and a good MTBF rate. Smart Harmonics technology reduces input total harmonic distortion to less than 2.5% without filters, which exceeds the requirements of IEEE519-1992. It also provides galvanic isolation between power input and output, and uses two 5-V step bridges per phase to generate a 17-level, line-to-line voltage output delivered to the motor. Yaskawa800-927-5292
VSD WITH SMARTSAltivar Process is a range of VSDs from 1 hp to 1,500 hp that come with embedded process knowledge, configurable on-board dashboards and a graphical HMI display. An advanced, secure, integrated web server lets operators access technical…

Through the looking glass of emerging technologies.

How might we expect emerging technologies to play out in the world of process control? Successfully predicting the future is difficult at best, so we sought out and consulted with industry visionaries and long-term planners to see where there is…

Through the looking glass of emerging technologies.

How might we expect emerging technologies to play out in the world of process control? Successfully predicting the future is difficult at best, so we sought out and consulted with industry visionaries and long-term planners to see where there is…

Local automation pros can learn about key industry developments, gain development hours and upgrade their outdoor skills

Automation professionals in the Los Angeles area will be able to update their professional knowledge, explore key automation trends, receive professional development hours, meet leading industry experts—and improve their outdoor skills—when Siemens brings its Process Automation Tour to Bass Pro Shops in Rancho Cucamonga, Calif., on March 26, 2015.
Session topics will include:
Industrial security for process automation, including a review of the standards (IEC 62443), organizations (NIST) and proper implementations of those standards
Alarm management, with a focus on meeting ISA-18.2, condition monitoring of critical assets and improving operator effectiveness
Process safety management update, including how to keep your system compliant…

The GX and GP Products Are the First of a New SmartDAC+ Product Family

Yokogawa has released the GX and GP Series of digital data acquisition systems, products that go far beyond functionality of the original paperless recorder. Complementing Yokogawa's DXA Advanced R4 series, the GX and GP bring some features that are…

Recent

Because Big Data is Really More of the Same Data, Engineers and Other End Users Find Ways to Take Advantage of New Sources of Intelligence

I'm sorry to be a downer at the start of a shiny New Year, but I'm continually reminded that most new and unfamiliar technical concepts are just more of the same old concepts. Big data is really more of the same data. The Internet of Things (IoT)…

Reader says "NERC CIP does not make the grid more secure or reliable."

In response to Joe Weiss' blog post of Jan. 19, I totally disagree about NERC CIP not making the grid more secure or reliable. Just a few reasons. I have seen where control systems were operated without malware and ultimately became infected. At…

Diagnosing a signaled instrument failure is tricky, time-consuming and usually is called for at a most inconvenient time, but better diagnostics are making the task easier.

Physical Layer Diagnostic Improvements
Why is it, after weeks of seemingly trouble-free plant operation, the phone rings on the holiday weekend when the goose is in the oven and the table is set for dinner? Fortunately for me, the crew on shift was…

A badly designed network is often the weakest link in the system.

IoT's Weakest Link
A common conversation among many industrial networking specialists these days revolves around whether we should be distinguishing between wired and wireless networks. WINA, of which I am chairman, is one organization taking a…

We are destined to have a multiplicity of protocols in our facilities.

Regarding, John Rezabek's February On the Bus column: I think we are destined to have a multiplicity of protocols in our facilities. Actuators and sensors will be at the level of the not-Internet of Things; Ethernet makes no sense there. But…

This white paper is the first in a series to outline a new epoch of industrial automation. All aspects of control system reliability, security and lifecycle cost have been rethought from first principles.

Open Secure Automation™ from Bedrock delivers new levels of ICS reliability, embedded security and unified automation performance at much lower life cycle costs. The mission starts with reinventing the backplane. Bedrock's Backplane Module Interconnect (BMI) is designed with an advanced architecture, industrial grade materials and passive fail-safe principles. With a new foundation, automation can be rebuilt. There is no other way.
This white paper is the first in a series to outline a new epoch of industrial automation. All aspects of control system reliability, security and lifecycle cost have been rethought from first principles.
Download the white paper titled "Revolution" and learn more.

Mobility's True Value Lies in Enabling New Possibilities

Rockwell Automation takes seriously the needs of its users to access information when on the go. For years now, they've offered the ability to send text or email notifications to mobile devices or replicate in-plant or desktop user interfaces on…

Reader says "NERC CIP does not make the grid more secure or reliable."

In response to Joe Weiss' blog post of Jan. 19, I totally disagree about NERC CIP not making the grid more secure or reliable. Just a few reasons. I have seen where control systems were operated without malware and ultimately became infected. At…

As project details take shape, look to collaborative platforms and decoupled hardware and software development paths to speed execution efforts

As early project visioning shifts into more detailed engineering, it's time to take a much closer look at how the latest automation technology and project execution methodologies can be brought to bear for project success. Key automation…

Local automation pros can learn about key industry developments, gain development hours and upgrade their outdoor skills

Automation professionals in the Los Angeles area will be able to update their professional knowledge, explore key automation trends, receive professional development hours, meet leading industry experts—and improve their outdoor skills—when Siemens brings its Process Automation Tour to Bass Pro Shops in Rancho Cucamonga, Calif., on March 26, 2015.
Session topics will include:
Industrial security for process automation, including a review of the standards (IEC 62443), organizations (NIST) and proper implementations of those standards
Alarm management, with a focus on meeting ISA-18.2, condition monitoring of critical assets and improving operator effectiveness
Process safety management update, including how to keep your system compliant…

Coca-Cola and GE Lighting Use Proficy Workflow, Historian, iFix HMI SCADA and Portal Software to Streamline Lighting and Refreshment Production

Seeing is believing, and bringing operational information into the light makes it usable by everyone in an enterprise—allowing them all to make faster, more productive decisions.
This enhanced awareness was especially useful at GE Lighting,…

As project details take shape, look to collaborative platforms and decoupled hardware and software development paths to speed execution efforts

As early project visioning shifts into more detailed engineering, it's time to take a much closer look at how the latest automation technology and project execution methodologies can be brought to bear for project success. Key automation…

Find out what certification ABB Canada received and what B&B ELectronics' new name is.

ABB's operations in Canada have been certified by TÜV SÜD as having in place and applying a functional safety management system (FSMS) for the design and engineering of safety instrumented system (SIS) projects in accordance with industry good practice safety standards. These standards include IEC 61508 and IEC 61511 for the integration and implementation of safety instrumented systems. Networking technology provider B&B Electronics has changed its name to B+B SmartWorx. While continuing to develop mission-critical network connectivity technology for remote or demanding environments, B+B SmartWorx is expanding into the emerging Internet of Things market and embedding intelligence throughout the network connectivity stack from edge…

The Department of Homeland Security wants to help you prevent, respond to and recover from cyber attacks.

As we go to press, the U.S. Congress is threatening to suspend funding for the Department of Homeland Security (DHS). Some members are even calling for its dissolution. But assuming it's still around when you read this, you might consider enlisting…

What do 9/11, the Detroit Bomber and ICS Security Have in Common?

By Walt Boyes, Editor in Chief
In his "Unfettered" blog post, "What do 9/11, the Detroit Bomber and ICS Security Have in Common," Joe Weiss makes a really good point: The result of all governments' responses to the Dec. 25 incident on the approach…

Recent

Will Electronic Marshalling Mean the End of the "Bespoke" Enclosure?

Unlike clothing fashions, enclosure styles don't change a lot from year to year. A 40-year-old enclosure doesn't stand out like your dad's leisure suit. After all, a big metal box is pretty much a big metal box, even with the added glitz of…

Cybersecurity in Your Safety DNA

If Your Functional Safety and Cybersecurity Programs Aren't Intertwined, You May Not Be as Safe as You Think

"In many languages, there is only one word for safety and security. In German, for example, the word is 'Sicherheit;' in Spanish it is 'seguridad;' in French it is 'sécurité;' and in Italian it is 'sicurezza.' " That's the start of the 2010 article by John Cusimano Director of exida's security services division and Eric Byres, CTO of Byres Security. Both Cusimano and Byres have significant expertise in both safety and security in process plants. Their article was titled, "Safety and Security: Two Sides of the Same Coin." They were introducing a relatively new concept that grew out of the similarity between layers of protection analysis (LOPA) for safety instrumented systems (SIS) and the defense in depth (DID) strategy for cybersecurity in industrial control systems.

About the Author

Walt Boyes has more than 30 years of experience in sales, sales management, marketing, and product development in the automation industry both for sensors, devices and control systems for industrial and environmental controls, including Executive Committee and Board experience in several companies. Walt currently is serving as Editor-in-Chief of CONTROL and www.controlglobal.com.

That was three years ago. Something has changed in the process industries, but not every top manager or plant manager or plant or corporate IT executive has seen the ramifications of it.

That "something" was, of course, the discovery of the infamous Stuxnet malware, which infected an Iranian uranium enrichment plant and damaged or destroyed over 100 special-purpose centrifuges. Morteza Rezaei, an Iranian automation professional, says, "Main affected country in the early days of the infection was Iran, so I could find many infected projects easily."

It's Not Just the Network Anymore

In case you've been asleep for the past two years or not paying attention or had your head in the sand or your fingers in your ears singing, "La la la la, I can't hear you!," you will know something about Stuxnet. Here's a quick reminder of what it did, and why it is important.

In Nancy Bartels' cover story in October 2010 ("Worst Fears Realized"), Nicolas Falliere of security vendor Symantec says, "Stuxnet can steal code and design projects, and also hide itself using a classic Windows rootkit, but unfortunately it can also do much more. It has the ability to take advantage of the programming software to also upload its own code to a PLC typically monitored by SCADA systems. Stuxnet then hides these code blocks, so when programmers using an infected machine try to view all of the code blocks on a PLC, they will not see the code injected by Stuxnet. Thus, Stuxnet isn't just a rootkit that hides itself on Windows, but is the first publicly known rootkit that is able to hide injected code located on a PLC."

Falliere adds, "In particular, Stuxnet hooks the programming software, which means that when someone uses the software to view code blocks on the PLC, the injected blocks are nowhere to be found. This is done by hooking enumeration, read-and-write functions, so that you can't accidentally overwrite the hidden blocks as well. Stuxnet contains 70 encrypted code blocks that appear to replace some 'foundation routines' that take care of simple, yet very common tasks, such as comparing file times, and others that are custom code and data blocks. By writing code to the PLC, Stuxnet can potentially control or alter how the system operates."

The two fundamental takeaways from this, for managers and directors and all IT people working in manufacturing enterprises are, first, that network-centric cybersecurity planning works just as well as the Maginot Line, and second, that any control system in any industry is vulnerable to a Stuxnet-type attack, whether or not it is connected to an IT-serviced network.

There is a third fundamental point that must be made. Stuxnet used cyber means to attack a plant's operating control system and make it fail in a dangerious and unsafe way.

Safety and Security Intertwined

ISA84 (now IEC61511 and 61508) recognized the need for active functional safety programs in process plants. Many plants now have formal functional safety programs. They have re-evaluated their alarm management systems and have brought their SIS into compliance with the IEC standards. Luis Duran, a safety expert with ABB, puts it this way: "I see that plants and companies with a strong safety culture see safety as a core value positively affecting their economic performance."

Some companies are very far down the road to functional safety. The Dow Chemical Co., as Eric Cosman, co-chair of ISA99 and a security expert for Dow points out, has been working on functional safety since the early 1960s. What a lot of people don't know, he notes, is that Dow has had an active cybersecurity program since the 1990s.

"From my perspective," says Walter Sikora, vice president of security solutions of Industrial Defender, "safety is taken seriously, openly communicated and a high priority. Most utilities and plants have a 'safety moment' before every meeting to stress the point. Even before someone is allowed to visit a plant, they usually go through a safety training video. Very few, if any, companies do the same with cybersecurity. Have you ever visited a process plant and seen a big sign showing how many days since their last cyber incident?"

"It depends on the industry," says Joe Weiss, principal of Applied Control Solutions and chief blogger of Control's "Unfettered" cybersecurity blog. "The electric industry treats security as a compliance, not a reliability or safety issue. Other industries, such as chemical and petroleum, treat security as an important reliability and safety consideration. For example, consider the membership of the ISA99 Leadership Committee. The end users on the committee are primarily from oil/gas and chemicals, with no representation from electric utilities."

But it's not just electric companies that don't get the security/safety nexus. Many companies see cybersecurity as solely an IT problem.

Weiss points out, "I have found that senior management are keenly aware of IT security issues because of Sarbanes-Oxley, but they are only aware of control system security when something bad happens. An ongoing dilemma is how to educate senior management to be as interested in protecting their operational assets as they are in having their ERP installed on time and within budget."

How easy it is to invade the control system

Figure 1. Here are a lot of ways to invade, take over and control the automation system in a process plant. Safe? Secure? Not hardly.

Echoing Cosman, Weiss goes on, "Plant management often feels that cybersecurity is an IT issue—protecting emails and the data in enterprise servers. Another ongoing dilemma is how to educate plant management to understand how cybersecurity can affect reliability and safety."

Sikora adds, "There is too much focus on the technical aspects of security and less on the business aspects. We need to educate our engineers to speak a business language and present to management metrics around security. Our security risk is X. We need to invest Y to reduce our risk by Z."

Al Fung, director of marketing for safety and critical control solutions for Invensys Operations Management (IOM) says, however, "We are seeing a shift in attitude towards raising the importance of security."

Managers are reaching out to the cyber and safety communities to learn and understand the impact and consequence of an attack, Fung says, and they are engaging control system vendors to help prevent and mitigate potential risks.

That's good, because just like safety, security is not fundamentally a vendor issue. Fung's IOM colleague, program manager-cybersecurity, Ernie Rakaczky, has pointed out that the responsibility of the vendor to produce secure systems solves about 25% of the problem, while the end users are responsible for the remaining 75% in the way they implement security policies, procedures, training and enforcement. Just as companies need to create and maintain a safety culture, they also need to create and maintain a security culture—and recognize that the two cultures are the same.

Fung goes on, "Defense-in-depth security is similar in approach to layers of protection for safety in the context of risk reduction and mitigation. Any plant design, safety risk assessment and hazard analysis that involves the use of any industrial control equipment needs to include a security assessment as part of the design for plant safety. If it isn't an integral part, it should be."

And here's where plant security and safety collide. "Plant management and executive management may be concerned about, but do not understand industrial control security," John Cusimano says. Most often they look to the IT department, but "the challenge is that while IT knows how to secure networks, it does not know how to properly apply security control in an industrial control system (ICS) environment. Security assessments tend to focus on fundamentals, such as strengths of passwords, and definitely do not address how to secure ICS protocols."

Safety, Security and Compliance

In the United States, when the Occupational Safety and Health Administration (OSHA) was established in 1971 under the Nixon administration, the new agency focused on workplace safety, not functional safety in the process industries. It also focused on "compliance" to the Occupational Safety and Health Act of 1970.

Since that time, the number of usually avoidable accidents where property, injuries and some fatalities have occurred remains high, with this writer's estimate that between 100 and 200 process plant workers are killed annually, and thousands injured.

And for readers with a financial bent, BP's Texas City refinery has not yet recovered full production since the accident in 2005 that took 16 lives and damaged a significant part of the plant. These accidents carry a huge financial cost in terms of plant downtime, with loss of revenue in nearly every accident, including some plant-closing events, not to mention payouts to victims and their families and government fines, plus softer costs to corporate reputations as well as damage to communities and significant ecological costs.

But savvy end users understand that a good safety culture is about making things safer, not about being compliant with regulations. Safety systems are designed to increase plant safety, without regard to basic compliance. Compliance is assumed. Compliance comes from having a good safety culture, with a good safety system and ongoing safety process.

Unfortunately, in the security area, compliance rules. The North American Electrical Reliability Corporation (NERC) serves as the power industry's self-policing agency. NERC's Critical Infrastructure Protection (CIP) standards rely on enforcing compliance, without necessarily insisting on increased security. In fact, NERC has consistently tried to avoid security issues by literally gerrymandering which installations are to be considered "critical." Joe Weiss tells of a utility that was actually fined by NERC for violating the CIPs when it chose to go after increased security and assumed compliance.

Often, the same attitude applies in the other process industries. Cusimano notes, "Many unscrupulous vendors will sell them [end users] anything, and claim it will deliver compliance. It is still not recognized that ICS insecurity can lead to safety incidents."

Weiss points out, "The NERC CIPs would not have prevented a Stuxnet-style attack on our power industry critical infrastructure."

So What Do We Do?

In the zones

The ISA99 standard shows how to subdivide plant control networks, including the safety instrumented system (SIS) for increased cybersecurity.

Dow's Cosman says the best way to incorporate security into functional safety is to adopt the ISA99 standard. Cusimano agrees. "We recommend starting with a control system security assessment or gap analysis," at the same time you update your safety HAZOP. "Your analysis should be based on relevant standards and best practices such as ISA99. The next step is to perform detailed risk analysis or threat modeling to understand the highest risk vulnerabilities."

Here is where the two analyses should merge. In an operating process plant, the highest-risk vulnerabilities have little to do with the data in the servers or the plant manager's emails. These vulnerabilities are in the control system and the safety instrumented system, which, if compromised, could shut down the plant, or worse. As the Stuxnet malware proved, this kind of attack doesn't have to come through the network. There were apparently several attack vectors, but the most significant one for Stuxnet was a targeted "candy drop" of infected USB memory sticks in the parking lot of the plant. Users bypassed any network security measures and plugged the USB sticks directly into the engineering workstations and the process control computers.

A Functional Security Analysis

Weiss talks about how to do a functional security analysis. "A functional security analysis requires senior management buy-in to be successful."

Then, he says, do a detailed assessment of what needs to be done to beef up your ICS security that has been documented as such. That means, find out what measures and systems you think you have in place.

Next, determine what you actually have, not what you think is there. When such assessments have been done, hidden, forgotten modem connections into the control system often turn up. The recently increasing usage of smart phones and tablets needs to be considered as both a safety and a security issue, too.

Next, Weiss says, you have to determine what is connected to what and how. Only then will you be clear what the potential cyber issues are.

Then you need to determine how secure you really are. That means finding out if known security issues, such as patching, have been addressed within the context of equipment availability. If plant conditions do not allow for security implementation, determine what work-arounds have been implemented, so you can continue to operate with insecure equipment.

Weiss says that you have to recognize that plants will be hit. You have to develop a recovery plan. This is where ISA106, Procedural Automation for Continuous Process Operations, intersects ISA84 and ISA99.

Finally, ask the many-billion-dollar question: What probability would you assign to a successful cyber attack on a process plant? In other words, how worried should you be, and how much money and manpower should you throw at this problem?

Weiss succinctly responds, "There have been more than 200 actual control system cyber incidents to date (malicious or unintentional). There have been successful cyber attacks on process facilities (more than just Stuxnet). Risk is frequency times consequence. Since there are minimal control system cyber forensics and minimal information sharing, the probability is difficult to estimate, but since you can expect to have cyber-related issues eventually, the probability should be 1!"

Cybersecurity is one of the pillars of protecting our critical infrastructure. It was profiled in one of the November Special Edition stories, and Bob Mick, ARCs vice president of enterprise systems joins Controls Walt Boyes to put cybersecurity in perspective  and offer agreement and disagreement with what the article said

Walt Boyes talks about cybersecurity and its relationship to functional security. Today the process automation world is vulnerable to online safety disasters derived from online hacking, sabotage and/or cyberstupidity accidents. Sometimes, these cybersecurity breaches result in human death. Watch this Back to Basics episode and learn how you can defend your security control systems from cybersecurity attacks.